Teaching

Teaching profile, courses, methods, and supervised theses.

I have 14 years of teaching experience in cybersecurity, with courses in German and English at Ruhr University Bochum and other universities. My teaching combines theoretical foundations, practical attacks/defenses, and research-based learning. Since 2014, I teach my own courses on web security, authentication protocols, and practical hacking.

In 2024, I received the Excellent Teaching Award from the Faculty of Computer Science at Ruhr University Bochum for the Message-Level Security course. In 2022, I received a 5x5000 Award for the e-learning and hands-on platform e‑Hacking.

I support students through project structuring, scientific writing, peer-review preparation, and international presentation practice. This includes mentoring from thesis output towards publication-quality research.

Teaching Philosophy and Methods

Research-Based Learning

I continuously integrate recent security research results and real vulnerability case studies into lectures and exercises. Students learn both technical exploitation and responsible disclosure practices.

Practical Training via e-Hacking Platform

I developed the e-Hacking platform (e-hacking.de) to provide controlled practical exercises on vulnerable services. It is used in multiple universities and covers web security, JSON/XML security, OAuth/OpenID Connect, SAML, and REST APIs.

Tool/Bug of the Week Concept

As part of large-scale teaching formats, I developed practical modules that make security tools and vulnerabilities reproducible in classroom settings and help students bridge theory and practice.

Industry-Integrated Teaching

Since I work in industry consulting and training, I transfer current real-world attack and defense patterns directly into coursework. This keeps lectures highly practical and aligned with operational security challenges.

Course Portfolio

Current Courses

since SS 2026
Lecture: Computer Networks (RUB)
  • Foundations of Computer Networks
  • Top-down approach to network design
  • Task: Supervision of the lecture and the exercises; creation and correction of the exams
since WS 2018
Lecture: Message-Level Security (RUB)
  • Security of REST APIs and data formats (JSON, XML, PDF);
  • Analysis of identity management protocols (OAuth, OpenID Connect, SAML)
  • Task: Supervision of the lecture and the exercises; creation and correction of the exams
since WS 2025
Laboratory Course: Basic Hacking (RUB)
  • A laboratory course focused on hands-on hacking practices: linux basics, network attacks, data security, web security
  • Task: Oversight of the course and development of its educational framework
since WS 2025
Laboratory Course: Advanced Hacking (RUB)
  • A laboratory course focused on advanced hacking on web technologies
  • Task: Oversight of the course and development of its educational framework
since SS 2023
Seminar: Current Topics in IT Security (RUB)
  • Focus on improving the writing, research and presentation skills of students
since SS 2023
Seminar: Network Security (OpenC3S distance learning)
  • Focus on improving the writing, research and presentation skills of students

Previous Courses

SS 2022 - 2024
Lecture Foundations of Cryptography and IT Security (University of Wuppertal)
SS 2020
Lecture Web Security (University of Konstanz)
SS 2014 - 2017, 2019
Lecture Advanced Attack Techniques on the Web (H-BRS)
WS 2012 - 2016
Teaching Assistant XML and Webservice Security (RUB)
SS 2014 and WS 2014
Teaching Assistant Applied IT Security (distance learning, RUB)
SS 2012
Teaching Assistant Network and Data Security (RUB)
Supervised Theses

  1. Toward the Automated Detection and Analysis of Single Page Applications and Their Authentication Mechanisms (2026)
    Master
  2. Sicherheitsanalyse von verschlüsselten XML-basierten Office Dokumenten (2025)
    Master
  3. Systematization and Visualization of PDF Land- scape (2025)
    Master
  4. Security of Self-Modifying PDFs (2025)
    Master
  5. Analyzing HTTP Request Smuggling in an Isolated Environment (2025)
    Master
  6. Sicherheit der E-Mail-basierten Authentifizierung im Internet (2025)
    Bachelor
  7. A Comprehensive Security Analysis of Three Open Source REST APIs Using an OWASP API Top 10 Based Test Catalog (2025)
    Bachelor
  8. Developing an Online Tool for Attacking JSON Web Tokens (2025)
    Bachelor
  9. Security Analysis of PDF Variants (2025)
    Master
  10. Unhiding JavaScript in PDF (2025)
    Bachelor
  11. Systematic Analysis of the PDF Landscape (2024)
    Master
  12. Sicherheitsanalyse der XML Forms Architecture (XFA)-Spezifikation (2024)
    Master
  13. Systematic Security Analysis of Redaction-Tools for PDF Documents (2024)
    Master
  14. Semi-Automated Black-Box Security Analysis of the CMS Signature Verification on the example of PDF-Viewers (2024)
    Master
  15. Traffic Analysis of Single Sign-On Authentication Schemes (2023)
  16. Leaky SSO: Investigating the Privacy of Single Sign-On in the Real World (2023)
    Bachelor
  17. SSO-History: On the Historic Development of the Single Sign-On Landscape, Security, and Privacy (2023)
    Bachelor
  18. Demystifying Scan Configurations for Single Sign- On Detection in the Wild (2023)
    Bachelor
  19. Analysis of the Long-Term Archiving Portable Document Format: PDF/A (2023)
    Bachelor
  20. Vollautomatisierte Single Sign-On Detektion auf Grundlage von Bilderkennung (2023)
    Bachelor
  21. Visual Signature Spoofing in PDFs (2023)
    Bachelor
  22. Security Analysis of the Open Packaging Conventions on the Example of OOXML and 3MF (2023)
    Master
  23. Fully Automated Discovery and Analysis of REST-APIs (2023)
    Master
  24. On the Security and Privacy of Single Sign-On Logins in Single-Page Applications (2023)
    Master
  25. Analysis of the Financial-Grade API (FAPI) (2022)
    Bachelor
  26. Security of 3D Printer Web Interfaces (2022)
    Bachelor
  27. On the Security of 3D Printers: Analyzing the Impact of Machine Codes (2022)
    Master
  28. SECURITY EVALUATION OF PDF LIBRARIES (2022)
    Master
  29. Automated Security Analysis of Unauthorized Access in Real-World REST APIs (2022)
    Master
  30. Security Analysis of File Formats for 3D Printing Software (2022)
    Master
  31. Automatic Detection of Insecure PostMessage Usages in Single Sign-On (2021)
    Bachelor
  32. Master Thesis Security Evaluation and Classification of Malicious PDFs in the wild (2021)
    Master
  33. Security Analysis of Real-Life OpenID Connect Implementations (2021)
    Master
  34. Die Wirksamkeit von Antivirus-Programmen in der Erkennung von PDF-Malware (2021)
    Bachelor
  35. A security analysis on pdf redaction (2021)
    Bachelor
  36. Single Sign-On Security: Security Analysis of real-life OpenID Connect implementations (2020)
    Master
  37. Systematic Security Analysis of Signed PDF Documents (2020)
    Master
  38. Security and Privacy of Social Logins (2020)
    Master
  39. Digital Signatures in PDF - Usability Study of Adobe Reader DC & Foxit Reader (2020)
  40. Documentation and Security Evaluation of Real-life Single Sign-On (2020)
    Bachelor
  41. Sicherheitsanalyse und Evaluierung von signierten PDF Dokumenten (2019)
    Master
  42. Fiddling with PKCS7 Signatures on the Example of PDF (2019)
    Master
  43. Security Evaluation of Google Pay API as a Payment Tokenization Protocol (2019)
    Master
  44. Evaluierung der Sicherheit von JavaScript in PDFs an dem Beispiel von Adobe Acrobat Reader DC (2019)
    Bachelor
  45. Differential Fuzzing of XPath (2019)
    Bachelor
  46. Sicherheitsanalyse von OpenDocument v1.2 (2019)
    Master
  47. Security Evulation and Classification of Vulnerabilities in REST API Management Frameworks (2019)
    Master
  48. Analyse und Implementierung einer Universal Second Factor (U2F) Authentifizierung (2019)
    Bachelor
  49. Security of PDF Signatures (2018)
    Master AWARD
  50. Analyzing the Capabilities of Open Source Cyber Security Monitoring Tools Using the Example of Security Onion (2018)
    Master
  51. Automating Single Sign-On Logins on Android Devices (2018)
    Bachelor
  52. Security Analysis of SSO Implementations (2018)
    Master
  53. Evaluation der Sicherheit des Amazon Pay Dienstes (2018)
    Bachelor
  54. Evaluation der Signaturverifikation im Adobe Reader (2017)
    Bachelor
  55. Measuring Security in Web Service Based Streaming of Business Data (2017)
    Master
  56. On the (in-)security of JavaScript Object Signing and Encryption (2016)
    Master
  57. Security and Privacy Analysis of the HTTP/2 Protocol (2016)
    Bachelor
  58. Cashier-as-a-Service based Webshops Overview and Steps towards Security Testing (2016)
    Bachelor
  59. Exploiting Network Printers (2016)
    Master AWARD
  60. Sicherheitsanalyse von OpenID Connect auf bestehende Implementierungen (2016)
    Master
  61. Kryptografie im Browser (2016)
    Master
  62. Angriffe auf moderne Single Sign-on Protokolle mit BurpSuite (2016)
    Bachelor
  63. Evaluation von JavaScript Bibliotheken zur Darstellung und Bearbeitung von Office Dokumenten (2016)
    Bachelor
  64. Master Thesis Security Implications of DTD Attacks Against a Wide Range of XML Parsers (2015)
    Master
  65. Sicherheitsanalyse von OpenID Connect Implementierungen (2015)
    Bachelor
  66. SSO Security in the Wild – An Automated Security Evaluation of OpenID Websites (2015)
    Master
  67. Analysis of Encrypted Databases with CryptDB (2015)
    Bachelor
  68. Sicherheitsanalyse des Single Sign-On Dienstes Microsoft-Konto (2015)
    Bachelor
  69. Log Me In with Facebook: Security Analysis of Facebook Connect (2015)
    Bachelor
  70. Sicherheitsanalyse von Facebook-Login auf Android Systemen (2015)
    Bachelor
  71. Hardening OpenID Connect Authentication Flow via the TLS Secure Binding Holder-of-Key (2015)
    Bachelor
  72. Automatic Recognition, Processing and Attacking of Single Sign-On Protocols with Burp Suite (2015)
    Bachelor
  73. Single Sign-On – OpenID Connect(ing) people (2014)
    Master
  74. Continuous Security Audit of Virtualized Infrastructures (2014)
    Master
  75. Semi-Automatic Evaluation of Browser-Based Authentication Mechanisms (2014)
    Master
  76. Praktische Sicherheitsanalyse des Mozilla Single Sign-on Protokolls BrowserID (2014)
    Bachelor
  77. TLS secure bindings and their application in Single Sign-On schemes (2014)
    Bachelor
  78. Sicherheitsanalyse von OAuth 2.0~{m}ittels Web Angriffen auf bestehende Implementierungen (2013)
    Master
  79. Definition and Development of a Security Policy-Framework for a (Inter-) National PKI Structure Regarding the New Electronic Travel Documents (2013)
    Master
  80. Developing a Security Analysis Tool for OpenID-based Single Sign-On Systems (2013)
    Bachelor
  81. W3{C} Web Cryptography {API} Übersicht, Stand und Möglichkeiten (2013)
    Bachelor
  82. Automated Penetration Testing for SAML-based SSO Frameworks (2012)
    Master
  83. Serverseitiger Einsatz von Trusted Platform Modules in Unternehmen (2012)
    Bachelor
  84. Security Analysis of Login Mechanisms in the Cloud (2012)
    Bachelor